Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/_OUGlqALExRCoo8zMB6bb9eDmXc.roa
File: _OUGlqALExRCoo8zMB6bb9eDmXc.roa (raw, json)
Hash identifier: ipTSRVp8J11vHvrTnOUuSY3FM241+PUg9XZmqxS+8gU=
Subject key identifier: FC:E5:06:96:A0:0B:13:14:42:A2:8F:33:30:1E:9B:6F:D7:83:99:77
Certificate issuer: /CN=f6a1722e8baddc358a15874265b466743e703656
Certificate serial: 01905DFA3AD181902248EC99E6DF3DACBC87
Authority key identifier: F6:A1:72:2E:8B:AD:DC:35:8A:15:87:42:65:B4:66:74:3E:70:36:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9qFyLout3DWKFYdCZbRmdD5wNlY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/_OUGlqALExRCoo8zMB6bb9eDmXc.roa
Signing time: Fri 28 Jun 2024 08:33:18 +0000
ROA not before: Fri 28 Jun 2024 08:33:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206217
IP address blocks: 146.66.128.0/21 maxlen: 21
146.66.128.0/24 maxlen: 24
185.110.228.0/22 maxlen: 22
185.110.228.0/23 maxlen: 23
185.110.228.0/24 maxlen: 24
185.110.230.0/23 maxlen: 23
185.110.230.0/24 maxlen: 24
185.110.231.0/24 maxlen: 24
2a0f:cbc0::/29 maxlen: 29
2a0f:cbc0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:5d:fa:3a:d1:81:90:22:48:ec:99:e6:df:3d:ac:bc:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f6a1722e8baddc358a15874265b466743e703656
Validity
Not Before: Jun 28 08:33:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fce50696a00b131442a28f33301e9b6fd7839977
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:9d:3a:46:82:fe:01:36:76:a7:b6:80:72:08:
8d:d2:cc:a6:0a:ce:4b:a2:19:e7:48:80:a2:db:40:
c9:ec:e4:e6:65:7f:0d:21:3e:fb:84:03:91:18:eb:
26:16:33:d9:a3:c7:72:7d:99:b1:94:1d:6a:60:14:
9e:36:35:31:b0:ac:30:ad:60:15:bc:a8:c3:c5:15:
56:19:02:b0:c9:3b:e3:29:53:82:3b:d9:c5:9a:62:
42:2a:4a:88:3a:e1:bb:41:cd:30:76:a0:4f:2e:a9:
52:93:8d:69:0b:66:49:94:ae:cc:fb:79:4c:9c:5a:
e6:94:dd:2b:8d:47:7c:07:3a:0c:ed:93:d1:77:7e:
93:df:7e:50:8a:ba:c5:28:74:01:65:bc:96:37:31:
4d:1e:90:d4:2d:5e:ec:27:2e:22:d6:34:14:cf:c2:
3d:fa:d4:51:c2:c7:7c:c9:31:9c:61:24:73:1d:96:
37:ab:44:da:fa:46:1c:c5:d5:2c:6b:9d:b8:4f:53:
cc:0f:5e:71:80:39:5b:1a:5f:fe:47:98:d7:80:d8:
1a:12:5d:22:21:ad:1c:16:b2:19:3a:73:5d:59:a7:
33:cc:f3:f3:5d:e2:a4:7a:dc:9d:ef:c3:df:0d:52:
29:3e:74:29:8e:ae:88:30:be:b4:d1:a3:b7:4a:71:
76:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:E5:06:96:A0:0B:13:14:42:A2:8F:33:30:1E:9B:6F:D7:83:99:77
X509v3 Authority Key Identifier:
keyid:F6:A1:72:2E:8B:AD:DC:35:8A:15:87:42:65:B4:66:74:3E:70:36:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9qFyLout3DWKFYdCZbRmdD5wNlY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/_OUGlqALExRCoo8zMB6bb9eDmXc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/9qFyLout3DWKFYdCZbRmdD5wNlY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.66.128.0/21
185.110.228.0/22
IPv6:
2a0f:cbc0::/29
Signature Algorithm: sha256WithRSAEncryption
57:94:07:8d:4e:e2:f1:25:42:e3:50:77:d0:cb:c1:fc:b5:46:
41:79:1e:bb:15:7f:bd:02:da:3d:d9:e7:01:7b:17:b6:cd:e4:
1a:a8:59:e9:3e:be:5b:98:6c:6f:14:bf:b5:33:7b:54:a4:e1:
67:50:e2:f8:6f:6c:5c:3c:8f:8d:0c:56:d6:a7:e9:38:5d:19:
ff:55:08:92:67:a5:ce:fd:e9:e7:1c:78:0b:f5:9c:d4:87:cc:
88:0c:18:3c:83:11:ca:be:6f:16:a9:8a:dd:56:6b:20:15:95:
4d:0a:da:8c:19:59:11:1b:80:4e:88:e4:5c:7a:1f:98:57:cd:
59:3a:8a:a9:96:04:3f:32:f6:d3:be:54:d6:aa:10:9c:5b:e9:
85:22:1e:5e:1c:5c:68:d4:09:9a:b0:f7:66:d4:26:ce:64:6c:
8a:62:57:b0:9e:33:7d:65:37:da:5b:dd:d8:72:7b:6e:88:04:
27:2c:d4:8b:b5:ba:c6:72:0c:67:af:85:1e:be:c1:48:1b:89:
55:ed:2f:fc:41:55:28:63:21:e7:14:58:09:cb:52:a9:27:18:
d6:e9:a8:f0:6f:fa:a0:11:33:c7:d8:7a:03:ee:01:1a:ef:1f:
83:e7:38:4e:6b:e9:74:8d:14:75:6c:19:e0:af:8e:3e:c8:13:
ad:34:5f:f9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZBd+jrRgZAiSOyZ5t89rLyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YTE3MjJlOGJhZGRjMzU4YTE1ODc0MjY1YjQ2Njc0M2U3
MDM2NTYwHhcNMjQwNjI4MDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2U1MDY5NmEwMGIxMzE0NDJhMjhmMzMzMDFlOWI2ZmQ3ODM5OTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZ06RoL+ATZ2p7aAcgiN0symCs5L
ohnnSICi20DJ7OTmZX8NIT77hAORGOsmFjPZo8dyfZmxlB1qYBSeNjUxsKwwrWAV
vKjDxRVWGQKwyTvjKVOCO9nFmmJCKkqIOuG7Qc0wdqBPLqlSk41pC2ZJlK7M+3lM
nFrmlN0rjUd8BzoM7ZPRd36T335QirrFKHQBZbyWNzFNHpDULV7sJy4i1jQUz8I9
+tRRwsd8yTGcYSRzHZY3q0Ta+kYcxdUsa524T1PMD15xgDlbGl/+R5jXgNgaEl0i
Ia0cFrIZOnNdWaczzPPzXeKketyd78PfDVIpPnQpjq6IML600aO3SnF2TQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPzlBpagCxMUQqKPMzAem2/Xg5l3MB8GA1UdIwQY
MBaAFPahci6Lrdw1ihWHQmW0ZnQ+cDZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXFGeUxvdXQzRFdLRllkQ1piUm1kRDV3TmxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy85Y2NmNzItZjJkZi00NWI2LTkzN2It
NmUwNzkwNjliNjViLzEvX09VR2xxQUxFeFJDb284ek1CNmJiOWVEbVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy85Y2NmNzItZjJkZi00NWI2LTkzN2ItNmUwNzkwNjliNjVi
LzEvOXFGeUxvdXQzRFdLRllkQ1piUm1kRDV3TmxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDkkKAAwQC
uW7kMA0EAgACMAcDBQMqD8vAMA0GCSqGSIb3DQEBCwUAA4IBAQBXlAeNTuLxJULj
UHfQy8H8tUZBeR67FX+9Ato92ecBexe2zeQaqFnpPr5bmGxvFL+1M3tUpOFnUOL4
b2xcPI+NDFbWp+k4XRn/VQiSZ6XO/ennHHgL9ZzUh8yIDBg8gxHKvm8WqYrdVmsg
FZVNCtqMGVkRG4BOiORceh+YV81ZOoqplgQ/MvbTvlTWqhCcW+mFIh5eHFxo1Ama
sPdm1CbOZGyKYlewnjN9ZTfaW93YcntuiAQnLNSLtbrGcgxnr4UevsFIG4lV7S/8
QVUoYyHnFFgJy1KpJxjW6ajwb/qgETPH2HoD7gEa7x+D5zhOa+l0jRR1bBngr44+
yBOtNF/5
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:01:12 2025 by rpki-client